Karl Bode reports in Tech Dirt:
The FBI issued a warning to cyber Monday shoppers that their smart TV is a little too smart, and likely watches you as much as you watch it. "Do a basic Internet search with your model number and the words “microphone,” “camera,” and “privacy.” Don’t depend on the default security settings. Change passwords if you can – and know how to turn off the microphones, cameras, and collection of personal information if possible. If you can’t turn them off, consider whether you are willing to take the risk of buying that model or using that service."
Like most of the infamous "internet of things," (IOT) smart TVs are a security and privacy dumpster fire. Numerous set vendors have already been caught hoovering up private conversations or transmitting private user data unencrypted to the cloud. One study in 2017 surmised that around 90% of smart televisions can be hacked remotely, something intelligence agencies, private contractors and other hackers are clearly eager to take full advantage of.
This week, the FBI, that bastion of sage privacy and security advice, issued a blog post out of its Portland field office warning cyber Monday shoppers that their smart TV is a little too smart, and likely watches you as much as you watch it. The post is filled with some handy tips to help you protect your privacy:
Granted such tips don't really do much to fix a broken sector where privacy and security remains an afterthought. A Consumer Reports study from last year found that things aren't really improving in the space. Government hasn't done much to pass any meaningful privacy law for the internet era. Gadget obsessed consumers are historically oblivious or apathetic to the problem. And product makers are too busy worrying about margins and the next big product launch to spend money to upgrade past sets or improve their privacy and security practices (at least not until there's another major scandal)."Know exactly what features your TV has and how to control those features. Do a basic Internet search with your model number and the words “microphone,” “camera,” and “privacy.” Don’t depend on the default security settings. Change passwords if you can – and know how to turn off the microphones, cameras, and collection of personal information if possible. If you can’t turn them off, consider whether you are willing to take the risk of buying that model or using that service. If you can’t turn off a camera but want to, a simple piece of black tape over the camera eye is a back-to-basics option. Check the manufacturer’s ability to update your device with security patches. Can they do this? Have they done it in the past? Check the privacy policy for the TV manufacturer and the streaming services you use. Confirm what data they collect, how they store that data, and what they do with it."
And if you've shopped for a TV recently, you may have noticed that it's largely impossible to just buy a "dumb" TV set without all of the "smart" internals. More specifically, most TV vendors don't want to sell you a bare-bones set because they want you to use their streaming services. Even more specifically, they want you to buy their sets with their specific streaming functionality because they want to spy on you and monetize your usage data.
So yeah, the FBI's tips are great and all, but they don't really get to the root of the market dysfunction that's plaguing the IOT space. There are plenty of fractured entities trying to help (like Consumer Reports' efforts to integrate an open source privacy and security standard in hardware reviews, or efforts at Princeton to make it clear what devices are actually doing on the network), but in terms of any kind of cohesive solution to the problem, there's little to nothing on the horizon.
0 comments:
Post a Comment